From: Luigi Rizzo
Message-Id: <199810270608.HAA03617@labinfo.iet.unipi.it>
Subject: Re: tcp resets with ipfw
To: jkb@best.com (Jan B. Koum)
Date: Tue, 27 Oct 1998 07:08:36 +0100 (MET)
Cc: freebsd-net@FreeBSD.ORG
In-Reply-To: <19981026224146.A9124@best.com> from "Jan B. Koum" at Oct 26, 98 10:41:27 pm

> Hello,
>
> It will really be sad when someday someone with root access to
> FreeBSD box does (either accidentally or on purpose):
>
> # ipfw add 1 reset tcp from any to any
>
> While one might argue this is equivalent to doing "rm -rf /*",
> many people alias rm to rm -i. Would it make sense to have
> ipfw code check to make sure people don't take down the network
> by making a typo or some such? If so, how would we do that? I like
> the way Cisco routers do:
>
> This may severely impact network performance. Continue? [confirm]

because any modification to the firewall "may severely impact network
performance" you'll have to print the message in all cases, at which point
people will alias ipfw to avoid the message.

The problem exists for far too many commands including
ifconfig XXX delete etc.

cheers
luigi